Electronic devices such as computers, mobile phones and tablets usually require an authentication of a user, in order to prevent unauthorized access or to provide personalized features. Exemplarily, the authentication process is particularly important when online financial transactions take place on the device.
Typically, authentication of the user consists in the provision, by the user, of a combination of user name and password. However, there are many drawbacks in the password-based authentication. Passwords need to be manually entered every time that a new access to the device is required. This bothersome procedure often deters users from securing the access to the device. Furthermore, to ensure an appropriate level of security, passwords should comply with some complexity constraints such as containing both alphanumeric and special characters, and each device should possibly have a different password. The effort of remembering is also perceived as a burden by the user and, thus, may affect the level of security. Additionally, passwords may be hacked, phished or seen by unauthorized users during inputting on the device. Since the identity of the user is merely associated with the knowledge of the password, an unauthorized user in possession of the password may easily fake the identity of the real user. Therefore the password may provide identification, but not necessarily authentication, in the sense that no reliable confirmation of the identity of the user is provided.